China indictments spotlight military's vulnerability

By Sean Lyngaas

May 22, 2014

The Justice Department’s indictment this week of five Chinese military officials on cyber espionage charges raised the specter of China’s alleged ongoing efforts to steal intellectual property from the U.S. military.

The hacking alleged in the indictment did not surprise defense-industry cyber experts interviewed by FCW. China’s targeting of American military know-how is no secret. Nor was the Pentagon caught off guard, according to a spokesperson, who said the department had advance notice of the indictment.

How prepared the defense industry is for such cyber espionage in the long run will depend, at least in part, on an information-sharing framework between government and contractors that participants say has improved in recent years.

A confidential 2013 Defense Department report cited by the Washington Post said Chinese spies had hacked designs for some of the United States’ most advanced weapons systems. The public version of that report by the Pentagon’s Defense Science Board named China and Russia as nation-states capable of penetrating well-defended systems and willing to try “lower-tier exploits first before exposing their most advanced capabilities.”

The Chinese military engages in cyber operations that range in sophistication from the very basic to complex coding that targets American drones and strike fighters, said Tony Cole, vice president and global government CTO at FireEye, a network security firm.

Defending against those more advanced threats is complicated by the IT embedded in weapons systems. DOD has admitted that it has work to do to shore up such IT-enabled vulnerabilities.

“While DOD takes great care to secure the use and operation of the ‘hardware’ of its weapon systems, the same level of resource and attention is not spent on the complex network of information technology (IT) systems that are used to support and operate those weapons or critical IT capabilities embedded within them,” the 2013 DOD report concluded.

The department’s “dependence on this vulnerable technology is a magnet to U.S. opponents,” and DOD’s efforts to address the problem were “fragmented,” the report said.

A senior DOD official expressed similar concerns at an industry event last month. “Employing reverse engineering techniques, adversaries can exploit weapon-system technical plans for their own benefit. Perhaps even more significant, they have gained insight into operational concepts and system use, developed from decades of U.S. operational and developmental experience,” the official said.

The cybersecurity posture of U.S. allies also affects that of Washington, according to Cole.

China is “not stealing just from us. If we have new technology that we’re developing, many times we’re sharing that very closely with our allies,” he said. China’s cyber spies also have in their crosshairs Great Britain and, in their own neighborhood, South Korea and Japan, he said.

But Cole said that this added vulnerability should not make Washington less willing to share its military capabilities with allies.

“I think we just need to actually have wider awareness of the risk, across the board, to other governments that we share technology with, as well as their integrator community that supports them,” he argued.

The Defense Industrial Base Cybersecurity Information Assurance program is one of government and industry’s main information-sharing mechanisms for warding off cyber espionage. Defense officials have lauded it for improving trust between government and contractors in sharing threat information.

Cole was optimistic about the ability of programs like DIB CS/IA to cope with China’s state-sponsored hacking. If “somebody goes after a new jet that we’re building, maybe they get wing design and that’s all they get, because we catch it, we find out, we stop it, and they only get a component of it, versus pulling down a terabyte of data and they have the entire design,” he said.